Helm is a package manager for Kubernetes applications. It manages charts, which are pre-configured packages of installable resources, much like APT on Ubuntu or YUM on CentOS.
1 Helm
1.1 Installation
## Set up the Go environment
wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz
tar zxvf go1.15.5.linux-amd64.tar.gz
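## Keep the toolchain together so the go binary can locate its GOROOT
mv go /usr/local/
ln -s /usr/local/go/bin/go /usr/bin/go
## Install helm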
git clone https://github.com/helm/helm.git
cd helm
make
mv bin/helm /usr/bin
1.2 Creating a chart with helm
(base) [root@node46 zhangjx]# helm create mycharts
(base) [root@node46 zhangjx]# cd mycharts
(base) [root@node46 mycharts]# ls
charts Chart.yaml templates values.yaml
1.2.1 Chart.yaml, the chart's configuration file
(base) [root@node46 mycharts]# cat Chart.yaml | grep -v '#'
apiVersion: v2
name: mycharts
description: A Helm chart for Kubernetes
type: application
version: 0.1.1
appVersion: 1.16.0
1.2.2 values.yaml, the configuration values for the various Kubernetes resources
(base) [root@node46 mycharts]# cat values.yaml | grep -v "#"
replicaCount: 1
image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: latest
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
  create: true
  annotations: {}
  name: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
  type: ClusterIP
  port: 80
ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
resources: {}
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
1.2.3 templates holds the YAML files for the corresponding Kubernetes resources; deployment is used as the example
(base) [root@node46 mycharts]# ls templates/
deployment.yaml _helpers.tpl hpa.yaml ingress.yaml NOTES.txt serviceaccount.yaml service.yaml tests
(base) [root@node46 mycharts]# cd templates/
(base) [root@node46 templates]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "mycharts.fullname" . }}
  labels:
    {{- include "mycharts.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "mycharts.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "mycharts.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "mycharts.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
mycharts: corresponds to the configuration in Chart.yaml
Values: corresponds to the configuration in values.yaml
1.3 Installing the chart
(base) [root@node46 mycharts]# kubectl create ns nginx
namespace/nginx created
(base) [root@node46 mycharts]# helm lint ## check that the chart configuration is correct
==> Linting .
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
(base) [root@node46 mycharts]# helm install helm-nginx .
NAME: helm-nginx
LAST DEPLOYED: Tue Nov 17 11:16:53 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
(base) [root@node46 mycharts]# kubectl get all -n nginx
NAME READY STATUS RESTARTS AGE
pod/helm-nginx-mycharts-c94774b66-rbp8p 1/1 Running 0 18s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/helm-nginx-mycharts ClusterIP 10.1.209.186 <none> 80/TCP 18s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/helm-nginx-mycharts 1/1 1 1 18s
NAME DESIRED CURRENT READY AGE
replicaset.apps/helm-nginx-mycharts-c94774b66 1 1 1 18s
(base) [root@node46 mycharts]#
1.4 Listing and packaging
(base) [root@node46 zhangjx]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
helm-nginx default 1 2020-11-17 11:16:53.983298944 +0800 CST deployed mycharts-0.1.1 1.16.0
## Package
(base) [root@node46 zhangjx]# helm package ./mycharts/
Successfully packaged chart and saved it to: /home/zhangjx/mycharts-0.1.1.tgz
## Uninstall
(base) [root@node46 zhangjx]# helm uninstall helm-nginx
release "helm-nginx" uninstalled
## Install from the packaged chart
(base) [root@node46 zhangjx]# helm install helm-nginx ./mycharts-0.1.1.tgz
NAME: helm-nginx
LAST DEPLOYED: Tue Nov 17 13:37:31 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
(base) [root@node46 zhangjx]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
helm-nginx default 1 2020-11-17 13:37:31.328734126 +0800 CST deployed mycharts-0.1.1 1.16.0
(base) [root@node46 zhangjx]# kubectl create ns nginx-1
namespace/nginx-1 created
## Set the namespace to nginx-1
(base) [root@node46 zhangjx]# helm install helm-nginx-1 --set namespace=nginx-1 ./mycharts-0.1.1.tgz
NAME: helm-nginx-1
LAST DEPLOYED: Tue Nov 17 13:40:43 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=mycharts,app.kubernetes.io/instance=helm-nginx-1" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
(base) [root@node46 zhangjx]# kubectl get pod -n nginx-1
NAME READY STATUS RESTARTS AGE
helm-nginx-1-mycharts-67748f87b7-skfjs 1/1 Running 0 10s
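How should the packaged application files be managed? Before Helm 3.0, tiller (helm init) was used to manage packaged files, but the helm init command was removed in 3.0. The following introduces chartmuseum for managing Helm-packaged applications, which makes it easier to persist Kubernetes application information.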
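1.5 Common Helm commands
- helm create: create a new chart locally
- helm dependency: manage chart dependencies
- helm install: install a chart
- helm lint: check a chart's configuration for errors
- helm list: list all releases
- helm package: package a local chart
- helm repo: list, add, update and remove chart repositories
- helm rollback: roll a release back to a previous revision
- helm pull: pull a remote chart to the local machine
- helm search: search for charts by keyword
- helm uninstall: uninstall a release
- helm upgrade: upgrade a release
- helm show: show a chart's configuration information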
2 Chartmuseum
2.1 Installation
curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
chmod +x chartmuseum
cp chartmuseum /usr/local/bin
2.2 Configuring and starting Chartmuseum
2.2.1 Service file configuration
# cat /etc/systemd/system/chartmuseum.service
[Unit]
Description=chartmuseum
Requires=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/chartmuseum/chartmuseum.config
User=root
Restart=always
ExecStart=/usr/local/bin/chartmuseum $ARGS
ExecStop=/usr/local/bin/chartmuseum step-down
[Install]
WantedBy=multi-user.target
2.2.2 /etc/chartmuseum/chartmuseum.config configuration
# mkdir -p /etc/chartmuseum/
# cat /etc/chartmuseum/chartmuseum.config
ARGS=\
--port=9090 \
--storage="local" \
--storage-local-rootdir="/var/lib/chartmuseum/chartstorage" \
--log-json \
--basic-auth-user=admin \
--basic-auth-pass=admin
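- --port: the port the chartmuseum service listens on
- --storage: local means local storage is used
- --storage-local-rootdir: the local storage path, where charts uploaded with helm push are stored
- --log-json: output logs in JSON format
- --basic-auth-user: username (basic authentication with username + password; for certificate-based authentication, see here)
- --basic-auth-pass: password (once the chartmuseum service is running, adding the repo to helm later requires --username xxx --password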
2.2.3 Starting the service
systemctl start chartmuseum
systemctl status chartmuseum
3 Using Chartmuseum together with Helm
3.1 Adding the repo
helm repo add chartmuseum http://192.168.5.46:9090 --username admin --password admin
(base) [root@node46 bak]# helm repo list
NAME URL
chartmuseum http://192.168.5.46:9090
3.2 Usage
3.2.1 Uploading
# curl -u admin:admin --data-binary "@my" http://192.168.4.32:9090/api/charts
3.2.2 Viewing
GET /index.yaml
Returns all the charts in chartmuseum
# curl http://192.168.5.46:9090/index.yaml -u admin:admin
apiVersion: v1
entries:
  mycharts:
  - apiVersion: v2
    appVersion: 1.16.0
    created: "2020-11-17T14:04:28.005906+08:00"
    description: A Helm chart for Kubernetes
    digest: d0363f6588e36345f05656cbae5a6e4639c1e1bd606ad8761a46600d1e11bd07
    name: mycharts
    type: application
    urls:
    - charts/mycharts-0.1.1.tgz
    version: 0.1.1
generated: "2020-11-17T14:05:19+08:00"
serverInfo: {}
3.2.3 Downloading
- Using curl
(base) [root@node46 bak]# curl -O http://192.168.5.46:9090/charts/mycharts-0.1.1.tgz -u admin:admin
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3600 0 3600 0 0 612k 0 --:--:-- --:--:-- --:--:-- 703k
(base) [root@node46 bak]# ls
mycharts-0.1.1.tgz
- Using helm pull
(base) [root@node46 zhangjx]# helm repo list
NAME URL
chartmuseum http://192.168.5.46:9090
(base) [root@node46 bak]# helm pull --username admin --password admin --repo http://192.168.5.46:9090 mycharts --version 0.1.6
(base) [root@node46 bak]# ls
mycharts-0.1.6.tgz
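The digest field in the index.yaml shown in 3.2.2 is the SHA-256 of the chart archive, so a downloaded .tgz can be checked against it before helm install. The script below is an added example, not part of the original post: the function names index_digest and verify_chart and the sample data are constructed for illustration, and it assumes sha256sum and awk are available.

```shell
# Added example (not from the original post): check a chart archive against index.yaml.
# index_digest INDEX NAME VERSION: print the digest recorded for that chart version.
# Assumes the block-style YAML that chartmuseum emits, one "key: value" per line.
index_digest() {
  awk -v name="$2" -v ver="$3" '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); gsub(/"/, "", s); return s }
    function emit() { if (!found && n == name && v == ver && d != "") { print d; found = 1 } }
    {
      line = $0; t = line; sub(/^ +/, "", t); indent = length(line) - length(t)
      if (line ~ /^ *- [A-Za-z]+: /) {            # "- key: value" opens a list item
        if (top == "") top = indent               # the first one fixes the entry level
        if (indent == top) { emit(); n = v = d = "" }
        sub(/- /, "  ", line); indent += 2
      }
      if (top == "" || indent != top + 2) next    # skip nested lists (dependencies, ...)
      if (line ~ /^ *name: /)    n = val(line)
      if (line ~ /^ *version: /) v = val(line)
      if (line ~ /^ *digest: /)  d = val(line)
    }
    END { emit(); exit (found ? 0 : 1) }
  ' "$1"
}
# verify_chart INDEX NAME VERSION ARCHIVE: returns 0 on match, 1 on mismatch, 2 if not indexed.
verify_chart() {
  _want=$(index_digest "$1" "$2" "$3") || { echo "no digest for $2 $3 in $1" >&2; return 2; }
  _got=$(sha256sum "$4" 2>/dev/null | awk '{print $1}')
  if [ -n "$_got" ] && [ "$_want" = "$_got" ]; then echo "OK $4"; return 0; fi
  echo "MISMATCH $4: index=$_want file=${_got:-unreadable}" >&2; return 1
}
# Constructed sample: a stand-in archive and an index.yaml in the layout shown in 3.2.2.
demo() {
  d=$(mktemp -d) && f="$d/mycharts-0.1.1.tgz" || return 2
  printf 'constructed stand-in for a chart archive\n' > "$f"
  cat > "$d/index.yaml" <<EOF
apiVersion: v1
entries:
  mycharts:
  - apiVersion: v2
    digest: $(sha256sum "$f" | awk '{print $1}')
    name: mycharts
    urls:
    - charts/mycharts-0.1.1.tgz
    version: 0.1.1
EOF
  verify_chart "$d/index.yaml" mycharts 0.1.1 "$f" || return 1
  echo tampered >> "$f"                           # simulate a modified archive
  ! verify_chart "$d/index.yaml" mycharts 0.1.1 "$f" 2>/dev/null
}
demo
```

Because index.yaml and the archive come from the same server, this catches corruption or an archive replaced after indexing, not a compromised repository. For that case Helm supports signed provenance files (helm package --sign, helm pull --verify).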
3.2.4 Listing all charts (JSON format)
(base) [root@node46 zhangjx]# curl -s http://192.168.5.46:9090/api/charts -u admin:admin | jq
{
  "mycharts": [
    {
      "name": "mycharts",
      "version": "0.1.6",
      "description": "A Helm chart for Kubernetes",
      "apiVersion": "v2",
      "appVersion": "1.16.0",
      "type": "application",
      "urls": [
        "charts/mycharts-0.1.6.tgz"
      ],
      "created": "2020-11-17T14:11:33.068906+08:00",
      "digest": "c0081239734e0592cdf5b98da8ff25a12ed5ce847de29ea52ddce7c0fe70a34f"
    },
    {
      "name": "mycharts",
      "version": "0.1.1",
      "description": "A Helm chart for Kubernetes",
      "apiVersion": "v2",
      "appVersion": "1.16.0",
      "type": "application",
      "urls": [
        "charts/mycharts-0.1.1.tgz"
      ],
      "created": "2020-11-17T14:04:28.005906+08:00",
      "digest": "d0363f6588e36345f05656cbae5a6e4639c1e1bd606ad8761a46600d1e11bd07"
    }
  ]
}
3.2.5 Deleting a chart
(base) [root@node46 zhangjx]# curl -X DELETE http://192.168.5.46:9090/api/charts/mycharts/0.1.1 -u admin:admin
{"deleted":true}
3.2.6 Installing a chart
# helm install helm-nginx-2 --username admin --password admin --repo http://192.168.5.46:9090 mycharts --version 0.1.6
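4 Summary
Managing Kubernetes applications with Helm really means managing the YAML files that create Kubernetes resources: the resources an application needs are packaged into one directory, and frequently changing variables are managed by Helm, which makes deployment and migration easier.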